You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ambari.apache.org by Jorn Eilander <jo...@cannonfodder.nl> on 2017/01/17 20:20:32 UTC
LDAP integration with either filter or multiple DN
Hey Guys,
Following issue:
I have an extremely large, corporate, LDAP; It limits the amount of records
I can pick up; This means I have to set the Ambari LDAP base dn quite
narrow (ie.: ou=hdp-groups,ou=department,ou=groups,o=corp)
In this base dn are several groupOfUniqueNames with in them uniqueMember;
Ambari ldap-sync correctly sees the groupOfUniqueNames and uniqueMembers.
The uniqueMembers however refer to a different base dn: ou=people,o=corp.
Ambari now skips these users claiming:
"User 'XYZ' is out of scope of the base DN. It will be skipped."
Setting the base dn to o=corp is far to wide, since ldap-sync is trying to
find all relevant objectClasses in the entire tree, LDAP kicks it out.
Is there any way I can either do a proper filter on where to find the
specific objectclasses or set a seconday base dn or something?
With kind regards,
Jorn Eilander